Project

General

Profile

Freedom issue #1227

Google in Iceweasel

stig - over 2 years ago - . Updated over 2 years ago.

Status:
fixed
Priority:
freedom issue
Assignee:
% Done:

100%


Description

In Iceweasel, both the default and the hardened version, there are some privacy issues due to some safebrowsing, for example these settings by default:

browser.safebrowsing.provider.google.lastupdatetime;1489439288016
browser.safebrowsing.provider.google.gethashURL;https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
browser.safebrowsing.provider.google.lists;goog-badbinurl-shavar,goog-downloadwhite-digest256,goog-phish-shavar,googpub-phish-shavar,goog-malware-shavar,goog-unwanted-shavar
browser.safebrowsing.provider.google.nextupdatetime;1489441054016
browser.safebrowsing.provider.google.pver;2.2
browser.safebrowsing.provider.google.reportURL;https://safebrowsing.google.com/safebrowsing/diagnostic?client=%NAME%&hl=%LOCALE%&site=

and seven more.

See about:config

Shouldn't some of these at least be set to 'false' and/or zero?

History

#1

Updated by isacdaavid over 2 years ago

  • Assignee changed from Anonymous to g4jc
  • Status changed from open to info needed

Interesting, most of those exist in iceweasel but not in icecat 45. Additions or dependency injections maybe?

It is my understanding that "Safe Browsing" is being disabled at build time anyway, which is reflected by the key browser.safebrowsing.enabled. If this is correct then having those keys set to the factory defaults is completely harmless.

I'm assigning to G4JC, author of iceweasel-hardened, so that he can take a second look.

#2

Updated by libreuser over 2 years ago

+1 :)

#3

Updated by g4jc over 2 years ago

isacdaavid wrote:

It is my understanding that "Safe Browsing" is being disabled at build time anyway, which is reflected by the key browser.safebrowsing.enabled. If this is correct then having those keys set to the factory defaults is completely harmless.

Correct. Iceweasel sets safebrowsing to disabled so they have no affect. However, hardened takes it a step farther and removes them completely just to be on the safe-side. I also noticed that a few of the blacklists download in the background even though they are otherwise unused, which nulling them out fixes.

#4

Updated by stig over 2 years ago

Perhaps I'm wrong or missing something, but neither in Iceweasel or in Iceweasel-hardened are those settings removed nor disabled, at least not in about:config. So I don't understand.

It is disabled in Iceweasel-hardened:
https://git.parabola.nu/abslibre.git/tree/nonprism/iceweasel-hardened-preferences/iceweasel-branding.js#n646

I don't understand what google is doing in Parabola's browser at all.

It is shipped by default in Mozilla Firefox from which Iceweasel is based on, "regular" Iceweasel will only set it to false.
https://git.parabola.nu/abslibre.git/tree/libre/iceweasel/vendor.js#n89

Would it be safe to set all the values to 'false', or is that stupid?

It should already be set to false, if it isn't set to false then there is a major problem. Keep in mind that browser addons and user.js can both override Parabola's systemwide settings, so knowing more about your current configuration may help in debugging this.

#5

Updated by g4jc over 2 years ago

  • % Done changed from 0 to 100
  • Status changed from info needed to fixed

Fixed in regular iceweasel with this commit:

https://git.parabola.nu/abslibre.git/commit/?id=59f1109923e62c85c273614d2b84932460a50771

Also disables Microsoft Family backdoor introduced with recent version of Firefox.

#6

Updated by g4jc over 2 years ago

stig wrote:

Would it be safe to set all the values to 'false', or is that stupid?

To clarify this question, yes setting them all to false isn't a good idea since Firefox looks for valid syntax. It has to be "http://127.0.0.1", "about:blank", "data:text/html", or simply "" (blank).

#7

Updated by isacdaavid over 2 years ago

I'm watching this, since it's likely to resurface in Icecat in the future

Also available in: Atom PDF